What's new

How can I restrict LAN access on my router's OpenVPN server? (RT-AC87U)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ziggyball

New Around Here
Hi,

I have setup the built in OpenVPN server and using "OpenVPN Connect" app I can access the internet and my LAN.

My question is how do I restrict access to my LAN from the VPN connection?
I have tried toggling the 'Push LAN to clients' option, in advanced settings, but this doesn't seem to make any difference.

Any help with this would be much appreciated.

I am using the standard firmware in RT-AC87U router. I am not great with networking so apologies if the answer is obvious.

Thanks.
 
Hi,
My question is how do I restrict access to my LAN from the VPN connection?

You would have to specify what restriction you want to be applied. Time? Event? Certain LAN clients?

Also, I assume you mean you want to restrict access to the VPN from your LAN, rather than the other way round?
 
I would assume the simplest thing would be just to restrict all VPN clients to only be able to access the internet through the router and not access any of my LAN clients, all of the time.

My use case is that I want the VPN clients to be able to access my UK internet when out of the country. And I dont want any of the VPN clients to be able to access my LAN.
 
I would assume the simplest thing would be just to restrict all VPN clients to only be able to access the internet through the router and not access any of my LAN clients, all of the time.

My use case is that I want the VPN clients to be able to access my UK internet when out of the country. And I dont want any of the VPN clients to be able to access my LAN.
How do you identify the VPN clients? Is that a changing set of LAN clients, e.g. everyone who is curretnly connected? Or is it a fixed certain set of devices? Are they always connecing to e certain WLAN SSID? Or something else?
 
Also, I assume you mean you want to restrict access to the VPN from your LAN, rather than the other way round?
No, it's the other way around.
How do you identify the VPN clients? Is that a changing set of LAN clients, e.g. everyone who is curretnly connected? Or is it a fixed certain set of devices? Are they always connecing to e certain WLAN SSID? Or something else?
As he stated in his reply to you, these are not LAN clients.
 
I am using the built-in openVPN sever and it looks like it gives them 10.8.0.x IP addresses rather than my standard 192.168.0.x IP addresses. So that could be a way of distinguishing?
 
I am using the built-in openVPN sever and it looks like it gives them 10.8.0.x IP addresses rather than my standard 192.168.0.x IP addresses. So that could be a way of distinguishing?
Maybe. What are you trying to prevent access to. Windows Firewall for example will block access from most devices unless they are on the same subnet (which would not be the case with a VPN client). RDP being the notable exception.
 
I am looking at blocking access to everything on the LAN. So I suppose it would be that anything in the VPN's 10.8.0.x IP address space can access everything (internet etc) except 192.168.0.x
 
I can't think of a way of doing in through the GUI (but that doesn't mean there isn't one).

If you are running Merlin's firmware instead stock then you could do it with a user script.
 
I am looking at blocking access to everything on the LAN. So I suppose it would be that anything in the VPN's 10.8.0.x IP address space can access everything (internet etc) except 192.168.0.x

The @RMerlin firmware has the GUI option:

upload_2019-4-21_19-19-3.png


which applies to any OpenVPN client (default 10.8.0.x/10.16.0.x) that connects to your OpenVPN server, but if you need greater control, you will need to assign static IP addresses to the clients, and use the openvpn-event script(s)
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top